1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-10 21:01:41 +03:00
Commit Graph

208 Commits

Author SHA1 Message Date
32c28cebb4 Merge pull request from valeriosetti/issue7964
Remove all internal functions from public headers
2024-02-05 15:09:15 +00:00
b4f5076270 debug: move internal functions declarations to an internal header file
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-18 15:30:46 +01:00
384fbde49a library/tests: replace md_psa.h with psa_util.h as include file for MD conversion
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 13:27:32 +01:00
8860021abc Fix false claim of variables used unitialised
GCC with TSan + O3 causes an error where it claims key_len and iv_len
may be used uninitialised. This is, as far as I can tell incorrect (the
only way it could not be set is in the error case, and then it is not
used), however the simplest option seemed to be just to fix it.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-12-18 14:49:34 +00:00
ce38adb731 Fix header in ssl_tls13_keys.c
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 10:29:25 +00:00
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
56e9011bde Add casting size_t to int
Signed-off-by: Mehmet Cagri Aksoy <mcagriaksoy@yandex.com>
2023-10-11 15:28:06 +02:00
66f9b3f810 Add casting size_t to int
Signed-off-by: Mehmet Cagri Aksoy <mcagriaksoy@yandex.com>
2023-10-11 15:26:23 +02:00
2eab462a8c Fix IAR warnings
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 13:30:37 +01:00
ca8c61b815 Provide and use internal function mbedtls_zeroize_and_free()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-17 15:17:40 +01:00
461d59b2f8 Merge pull request from mprse/ffdh_tls13_v2_f
Make use of FFDH keys in TLS 1.3 - follow-up
2023-07-07 16:19:35 +02:00
3d0c8255aa Merge pull request from daverodgman/cipher_wrap_size
Cipher wrap size improvement
2023-07-05 15:45:48 +01:00
7ac93bea8c Adapt names: dh -> xxdh
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
d5f79e7297 Adapt functions names for ffdh
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
6f199859b6 Adapt handshake fields to ffdh
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:25:00 +02:00
56b159a12a Merge pull request from mprse/ffdh_tls13_v2
Make use of FFDH keys in TLS 1.3 v.2
2023-07-03 10:12:33 +02:00
ef2f3697ec Fix direct reference to cipher_info->key_bitlen
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 17:31:08 +01:00
1e4a030b00 Fix wrong array size calculation in error translation code
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-13 05:46:47 -04:00
0064484a70 Optimize error translation code size
Introducing an intermediate function
saves code size that's otherwise taken by excessive,
repeated arguments in each place that
was translating errors.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-13 05:46:46 -04:00
75a5a9c205 Code cleanup
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 09:57:23 +02:00
c89f3ea9f2 Add support for FFDH in TLS 1.3
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
02b10d8266 Add missing include
Fix build failures with config full

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
1f2a587cdf Use actual function instead of static inline
Large static inline functions used from several translation units in the
library are bad for code size as we end up with multiple copies. Use the
actual function instead. There's already a comment that says so.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
2d6d993662 Use MD<->PSA functions from MD light
As usual, just a search-and-replace plus:

1. Removing things from hash_info.[ch]
2. Adding new auto-enable MD_LIGHT in build-info.h
3. Including md_psa.h where needed

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
123cde824c Improve code styles(line numbers) for tls13_key.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:27:51 +00:00
080a22ba75 ssl_tls13: use PSA_WANT_ALG_ECDH as symbol for marking ECDH capability
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
0c8ec3983e ssl_tls: fix proper guards for accelerated ECDH
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
8a045ce5e6 Unify PSA to Mbed TLS error translation
Move all error translation utilities to psa_util.c.
Introduce macros and functions to avoid having
a local copy of the error translating function in
each place.
Identify overlapping errors and introduce a
generic function.
Provide a single macro for all error translations
(unless one file needs a couple of different ones).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:44 -05:00
70341c17b7 Merge pull request from yanrayw/6675-change-early_secrets-to-local
TLS 1.3: Key Generation: Change tls13_early_secrets to local variable
2023-02-14 09:03:32 +01:00
6b980011e5 Replace session_negotiate->ciphersuite with handshake->ciphersuite_info->id
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
f206c1493b Remove duplicate mbedtls_platform_zeroize for tls13_early_secrets
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-03 13:55:47 +08:00
a12cecbe47 Modify some comments in ssl_tls13_keys.c
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-01 14:29:51 +08:00
ef5ec8f5ba Rename static functions in ssl_tls13_keys.c
As some static functions are only used inside ssl_tls13_keys.c,
the prefix mbedtls_ should be removed. Furthermore, code format is
also maintained to fix code style.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 15:11:03 +08:00
0540211078 Enhancement: change some functions to static in ssl_tls13_keys.c
Since some functions are only used in ssl_tls13_keys.c not by any
other modules, those functions are changed to static.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 14:54:26 +08:00
16c895dff3 TLS1.3: zeroize tls13_early_secrets after its lifetime
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 14:27:06 +08:00
bae9e74d39 Enhancement: change tls13_early_secrets to local variable
Since tls13_early_secrets is only temperately used in the function,
there is no need to keep it in the handshake context.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 14:27:06 +08:00
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
aec08b3f42 fix various format issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-29 15:19:27 +08:00
3d78e08ac0 erase early secrets and transcripts
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-28 17:34:06 +08:00
a5db6c0ce3 fix coding style issues.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-28 17:34:06 +08:00
e31688b7fa fix comments issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-28 17:34:06 +08:00
a8771839e8 Refactor make_traffic_keys
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-28 17:34:06 +08:00
3ce61ffca6 fix comments and function name issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-28 17:34:06 +08:00
b094e124f2 fix various issues
- Alignments
- comment words in doxygen paragraph

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-28 17:34:06 +08:00
91b560f38d Add compute early transform
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-28 17:34:06 +08:00
84a6edac10 change signature of get_cipher_key_info
- it is a static function. The name is not follow nameing ruler
- move the position.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-28 17:34:06 +08:00
a2900bcd1e tls13: keys: Simplify code guard
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
82be0d4b4d tls13: Do not use MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
41a443a68d tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
fa1e04a7c4 tls13: keys: Fix PSK build only case
When deriving the handshake stage master
secret, in the case of a PSK only build,
the only possible key exchange mode is PSK
and there is no ephemeral key exchange
shared secret in that case. Thus do not
error out in that case in the first
phae of the derivation dedicated to the
shared secret.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00